A week or so ago I discovered that Android P has DNS over TLS support! It piqued my curiosity - could it finally be that DNS encryption goes mainstream?

In this post we’ll survey DNS over TLS, implement a client and share some thoughts!

TL;DR

Sure, with DNS over TLS your DNS queries are encrypted - that’s a major step forward! Nevertheless, the majority of the web relies on SNI (Server Name Indication), which sends the domain name in plaintext! (not for long?).

I created a DNS over TLS Node.js package, install with $ npm i dns-over-tls:
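What a DNS over TLS client puts on the wire, as an added example that uses only Node.js built-ins and is not the dns-over-tls package's code or API: the query is an ordinary DNS message with a 2-byte length prefix (RFC 7858), sent over TLS to port 853. The function names, the fixed query ID, and the default resolver (1.1.1.1 with certificate name cloudflare-dns.com) are assumptions of this example.

```javascript
// Build an A query; DoT reuses DNS-over-TCP framing, a 2-byte big-endian length prefix.
function buildQuery(name, id) {
  const header = Buffer.from([id >> 8, id & 0xff, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0]);
  const labels = name.split('.').filter(Boolean).map((l) => {
    if (l.length > 63) throw new RangeError('DNS label longer than 63 bytes');
    return Buffer.concat([Buffer.from([l.length]), Buffer.from(l, 'ascii')]);
  });
  // Root label, then QTYPE=A (1) and QCLASS=IN (1).
  const msg = Buffer.concat([header, ...labels, Buffer.from([0, 0, 1, 0, 1])]);
  return Buffer.concat([Buffer.from([msg.length >> 8, msg.length & 0xff]), msg]);
}

// Skip an encoded name (labels or a compression pointer) and return the next offset.
function skipName(msg, off) {
  while (off < msg.length && msg[off] !== 0) {
    if ((msg[off] & 0xc0) === 0xc0) return off + 2;
    off += msg[off] + 1;
  }
  return off + 1;
}

// Return the IPv4 addresses in the answer section of an unframed DNS message.
function parseA(msg) {
  let off = 12;
  for (let i = msg.readUInt16BE(4); i > 0; i--) off = skipName(msg, off) + 4;
  const out = [];
  for (let i = msg.readUInt16BE(6); i > 0; i--) {
    off = skipName(msg, off);
    const rdlen = msg.readUInt16BE(off + 8);
    if (msg.readUInt16BE(off) === 1 && rdlen === 4) out.push([...msg.subarray(off + 10, off + 14)].join('.'));
    off += 10 + rdlen;
  }
  return out;
}

// Query a resolver on port 853. Certificate validation is left at Node's default (on).
async function resolveA(name, host = '1.1.1.1', servername = 'cloudflare-dns.com') {
  const tls = await import('node:tls');
  return new Promise((resolve, reject) => {
    const sock = tls.connect({ host, port: 853, servername }, () => sock.write(buildQuery(name, 0x1234)));
    let buf = Buffer.alloc(0);
    sock.on('data', (d) => {
      buf = Buffer.concat([buf, d]);
      if (buf.length < 2 || buf.length < 2 + buf.readUInt16BE(0)) return; // wait for full frame
      sock.end();
      try { resolve(parseA(buf.subarray(2, 2 + buf.readUInt16BE(0)))); } catch (e) { reject(e); }
    });
    sock.on('error', reject);
  });
}
```

The `servername` passed to `tls.connect` is itself sent as SNI in plaintext, so an on-path observer still sees which resolver is contacted even though the queried name is encrypted.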

Threats to users’ privacy and security are growing. At Mozilla, we closely track these threats. We believe we have a duty to do everything we can to protect Firefox users and their data.

We’re taking on the companies and organizations that want to secretly collect and sell user data. This is why we added tracking protection and created the Facebook container extension. And you’ll be seeing us do more things to protect our users over the coming months.

Two more protections we’re adding to that list are:

DNS over HTTPS, a new IETF standards effort that we’ve championed

Trusted Recursive Resolver, a new secure way to resolve DNS that we’ve partnered with